Path: csiph.com!optima2.xanadu-bbs.net!xanadu-bbs.net!news.glorb.com!usenet.stanford.edu!not-for-mail
From: Eduardo =?utf-8?Q?A=2E_Bustamante_L=C3=B3pez?= <dualbus@gmail.com>
Newsgroups: gnu.bash.bug
Subject: Re: null ptr deref and segfault in parameter_brace_transform.isra.17 () at subst.c:6827 (bash 4.4.0(1)-beta)
Date: Sat, 19 Sep 2015 23:33:18 -0500
Lines: 17
Approved: bug-bash@gnu.org
Message-ID: <mailman.1427.1442723609.19560.bug-bash@gnu.org>
References: <CANMVOuwwAW4SgckL_Y+sbHRO-TTiwoz6R3uvQak9a13J21+ZPg@mail.gmail.com>
NNTP-Posting-Host: lists.gnu.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: usenet.stanford.edu 1442723609 19681 208.118.235.17 (20 Sep 2015 04:33:29 GMT)
X-Complaints-To: action@cs.stanford.edu
Cc: bug-bash@gnu.org
To: Brian Carpenter <brian.carpenter@gmail.com>
Envelope-to: bug-bash@gnu.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:from:to:cc:subject:message-id:mail-followup-to:references :mime-version:content-type:content-disposition:in-reply-to :user-agent; bh=jb0i/0woqIV/0XeRdRo47NkwRddQ8NwHEH9wzXBcEGU=; b=r8TEJ087rd0VZXxmq26n+ddbfrUJ6vpfPhIXLUYCMXeDh10b7IGyzCCsrwRbU/pGZT dlbKRRm1Cv4UttoswmaIXlIFl6+CYd7kKOrqe7j/2Up/G0+1yDCCUH84HCSeWrEnNCJM GY8y19xr3+9zaj9CAB8xoRWFwS+nVInJXp1NSCCNZbUnXgEsnabhEUakPqKeshKgRzkH 4k003EkSuciCkT7JnylFhkkzBJRPYJTYHj4u06DEVE39m6YGk2HvbqnyCXKeMiSWucsw r0mWzQ6UvGle/NsyX0vymGIIT56XAEGDP9r71ZZ+1ZJefNiMgbKBcVGAMpAmpZLMAGbW 72Wg==
X-Received: by 10.66.161.137 with SMTP id xs9mr16914062pab.117.1442723602571; Sat, 19 Sep 2015 21:33:22 -0700 (PDT)
Mail-Followup-To: Brian Carpenter <brian.carpenter@gmail.com>, bug-bash@gnu.org
Content-Disposition: inline
In-Reply-To: <CANMVOuwwAW4SgckL_Y+sbHRO-TTiwoz6R3uvQak9a13J21+ZPg@mail.gmail.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value).
X-Received-From: 2607:f8b0:400e:c03::22a
X-BeenThere: bug-bash@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Bug reports for the GNU Bourne Again SHell <bug-bash.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-bash>
List-Post: <mailto:bug-bash@gnu.org>
List-Help: <mailto:bug-bash-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=subscribe>
Xref: csiph.com gnu.bash.bug:11513

On Sat, Sep 19, 2015 at 11:17:33PM -0500, Brian Carpenter wrote:
> I found another null ptr deref and segfault. This only seems to affect bash
> 4.4.0 as 4.2.37(1)-release and 4.2.37(1)-release only return a 'bad
> substitution' error message.

Hey Brian,

I just wanted to step in and say: you're doing an awesome job! Could you do a
write up on the specific setup you're using to run afl with bash? Do you use
any kind of jail/sandbox to avoid bugs which could affect the system?

This is amazing.

-- 
Eduardo Bustamante
http://dualbus.me/